Netgate SG-1000 microFirewall

Author Topic: Vm-network conecting to home network  (Read 580 times)

0 Members and 1 Guest are viewing this topic.

Offline curtisgrice

  • Jr. Member
  • **
  • Posts: 84
  • Karma: +5/-1
    • View Profile
Re: Vm-network conecting to home network
« Reply #15 on: January 03, 2018, 12:00:45 pm »
ok so:
TP-Link WAN: (DHCP? doesn't matter for this topic)
TP-Link LAN: 192.168.0.1/24
Has route to 10.0.0.0/24 via 192.168.0.3


pfSense WAN 192.168.0.3/24
pfSense LAN:10.0.0.1/24

Server: 10.0.0.100/24
-Gateway 10.0.0.1

Workstation: 192.168.0.100/24
-Gateway 192.168.0.1

Server to Workstation - working
Workstation to Server - not working?

Can you show me your firewall rules on pfSense WAN and LAN?
Slow code? Sounds like a good reason to buy more hardware!

Offline lars314

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: Vm-network conecting to home network
« Reply #16 on: January 03, 2018, 01:10:15 pm »
Edit: Did some ping test with CMD and from the 10.0.0.1 network i'am able to ping all IP's on my home network...

other way i'am not home to vm-network...


do i need to turn on (see last attachment) i have read some thing about it but i didnt total understant it.... sorry still a noob  :-[
##############################################################################

Under Firewall/NAT

Port Forward // 1:1 // Outbound // NPt

they are empty

Here some screens

hoop you can read them :)


Sorry not sure on witch page to add the rule
« Last Edit: January 03, 2018, 01:29:09 pm by lars314 »

Offline curtisgrice

  • Jr. Member
  • **
  • Posts: 84
  • Karma: +5/-1
    • View Profile
Re: Vm-network conecting to home network
« Reply #17 on: January 04, 2018, 02:52:19 pm »
Under NAT outbound, this MUST be disabled. That's why you can ping from 10.0.0.0/24 to 192.168.0.0/24. NAT will see the ping on its way out and map 10.0.0.100 to 192.168.0.3:[some port number] (This is actually called port address translation.)

If you ran a packet sniffer on 192.168.0.100 while pinging from 10.0.0.100, 192.168.0.100 would see the ping came from 192.168.0.3.

When you try to ping from 1923.168.0.100 to 10.0.0.100 that port map does not exist and will be blocked.

NAT (PAT - port address translation in most implementations) hides a network behind one or a set of IPs. This is why when you have a bunch of PCs connected to the internet you only get one public address. Your home router uses PAT to connect all of your devices to the internet and coincidentally that's also why you need port  forwarding to connect to your computers from outside of your home network.

Long story short, disable NAT. Your rules look ok to me.
Slow code? Sounds like a good reason to buy more hardware!

Offline lars314

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: Vm-network conecting to home network
« Reply #18 on: January 06, 2018, 07:20:27 am »
I did turn off the NAT function, but know i not able to ping like you sad.
so think we need some Firewall rules ?



My goal is to use MS WDS // MDT for study  :)

Offline curtisgrice

  • Jr. Member
  • **
  • Posts: 84
  • Karma: +5/-1
    • View Profile
Re: Vm-network conecting to home network
« Reply #19 on: January 06, 2018, 12:52:25 pm »
Can you send screenshots for your pfSense routes, gateways, and dhcp? Also the static route on your TP-Link.
Slow code? Sounds like a good reason to buy more hardware!

Offline lars314

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: Vm-network conecting to home network
« Reply #20 on: January 07, 2018, 12:15:02 pm »
The requested img...


Offline curtisgrice

  • Jr. Member
  • **
  • Posts: 84
  • Karma: +5/-1
    • View Profile
Re: Vm-network conecting to home network
« Reply #21 on: January 12, 2018, 04:02:32 pm »
Remove GW_LAN. Also on the DHCP on pfSense make sure the default gateway is set to 10.0.0.1
Slow code? Sounds like a good reason to buy more hardware!